Date: Tue, 16 Jan 2001 21:02:13 -0800 From: Dima Dorfman <dima@unixfreak.org> To: "Michael R. Wayne" <wayne@staff.msen.com> Cc: hackers@FreeBSD.ORG Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general) Message-ID: <20010117050218.8D3563E02@bazooka.unixfreak.org> In-Reply-To: Message from "Michael R. Wayne" <wayne@staff.msen.com> of "Tue, 16 Jan 2001 22:35:10 EST." <200101170335.WAA18537@manor.msen.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Recommendation: > A number of the executables located in /sbin and /usr/sbin are > never going to be invoked for any legitimate use by anyone other > than the superuser. In particular, servers such as portmap and > inetd run by non-root users are unlikely to do what was intended. > It seems a prudent measure to simply not set execute permission > by "other" on such programs during the install, giving the user > a handy "Permission denied" message when such an attempt is made. Since these files don't run with any extra privileges (i.e., they're not setuid or setgid), nothing stops a user from uploading their own copy and running it. Your proposal doesn't actually improve security; it just annoys the attacker. Whether this is a good thing or a waste of time is a matter of opinion; personally, I'm in the latter boat (i.e., I see no reason to do this). Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010117050218.8D3563E02>